Re: segfault on bad hostname resolve
Date: Mon, 14 Nov 2005 17:47:17 +0100
On Nov 13, 11:00, Daniel Stenberg wrote:
>Something we've done recently causes segfaults in libcurl with c-ares builds.
>It seems to happen at least pretty consistently on IRIX when resolving a non-
>existing host name.
>See examples here:
Unfortunately I don't right now have time to come up with a proper fix,
but here is the analysis anyway:
It's a bus error, i.e. an alignment error (provoked by casting).
In the test that fails curl core dumps in ares/ares_mkquery.c line 159:
/* Finish off the question with the type and class. */
DNS_QUESTION_SET_TYPE(q, type); <--- here
This macro resolves to
#define DNS_QUESTION_SET_TYPE(q, v) DNS__SET16BIT(q, v)
which again resolves to
#define DNS__SET16BIT(p, v) *(unsigned short*)(p) = htons(v)
However, 'q' in ares_mkquery.c is defined as:
unsigned char *q;
which cannot be cast to an unsigned short* unless by luck it lands on
an even byte boundary. Which it doesn't in the test I ran:
(gdb) print q
$17 = (unsigned char *) 0x10031545 '\023' <repeats 11 times>
Received on 2005-11-14
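Added example, not code from the mail or from c-ares: it puts the alignment-unsafe form of the 16-bit store quoted above next to a byte-wise store that is legal at any address, and exercises the safe one at an odd offset, which is the case that bus-errors on strict-alignment CPUs such as the MIPS machines IRIX runs on. The macro and function names (SAFE_SET16BIT, SAFE_16BIT, write_question_tail, aligned_for_short, check_odd_offset_store, check_odd_pointer_unaligned) are assumptions for this illustration and are not c-ares identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* htons, referenced only by the unsafe macro */

/* The form quoted in the mail: store a 16-bit value by reinterpreting an
 * unsigned char* as unsigned short*. On strict-alignment CPUs (MIPS/IRIX,
 * SPARC, older ARM) this raises SIGBUS whenever p is odd. Kept for
 * comparison only; nothing below applies it to an odd pointer. */
#define UNSAFE_SET16BIT(p, v)  (*(unsigned short *)(p) = htons((unsigned short)(v)))

/* Alignment-safe replacement (our own definition, not c-ares's): emit the
 * two network-order bytes one at a time, which is valid at any address. */
#define SAFE_SET16BIT(p, v)                                  \
  do {                                                       \
    (p)[0] = (unsigned char)(((unsigned)(v) >> 8) & 0xffu);  \
    (p)[1] = (unsigned char)((unsigned)(v) & 0xffu);         \
  } while (0)

/* Matching alignment-safe read of a network-order 16-bit field. */
#define SAFE_16BIT(p)  ((unsigned)(((unsigned)(p)[0] << 8) | (unsigned)(p)[1]))

/* Hypothetical helper: write the QTYPE/QCLASS tail of a DNS question at byte
 * offset 'off' of 'buf'. 'off' may be odd, exactly the situation in the crash
 * report. Returns the number of bytes written (always 4). */
size_t write_question_tail(unsigned char *buf, size_t off,
                           unsigned type, unsigned dnsclass)
{
    unsigned char *q = buf + off;
    SAFE_SET16BIT(q, type);
    SAFE_SET16BIT(q + 2, dnsclass);
    return 4;
}

/* Report whether a pointer is aligned for an unsigned short access, i.e.
 * whether the unsafe macro could touch it without a bus error. */
int aligned_for_short(const void *p)
{
    return ((uintptr_t)p % sizeof(unsigned short)) == 0;
}

/* Self-check: store at an odd offset and confirm the big-endian encoding
 * landed byte-exact and left the neighbours alone. Returns 1 on success. */
int check_odd_offset_store(void)
{
    unsigned char buf[8];
    memset(buf, 0, sizeof buf);
    if (write_question_tail(buf, 1, 12 /* QTYPE PTR */, 1 /* QCLASS IN */) != 4)
        return 0;
    return buf[1] == 0x00 && buf[2] == 0x0c &&   /* type  = 12 */
           buf[3] == 0x00 && buf[4] == 0x01 &&   /* class = 1  */
           SAFE_16BIT(buf + 1) == 12 && SAFE_16BIT(buf + 3) == 1 &&
           buf[0] == 0 && buf[5] == 0;
}

/* Self-check: an odd byte pointer into short-aligned storage is not aligned
 * for a short access, while the storage itself is. Returns 1 on success. */
int check_odd_pointer_unaligned(void)
{
    unsigned short backing[2] = {0, 0};
    return aligned_for_short(backing) == 1 &&
           aligned_for_short((const unsigned char *)backing + 1) == 0;
}

int main(void)
{
    /* Force an odd address with a two-byte-aligned backing store. */
    unsigned short backing[8] = {0};
    unsigned char *q = (unsigned char *)backing + 1;

    printf("q=%p aligned for short: %s\n", (void *)q,
           aligned_for_short(q) ? "yes" : "no");
    printf("safe store at odd offset ok: %d\n", check_odd_offset_store());
    printf("odd pointer reported unaligned: %d\n", check_odd_pointer_unaligned());
    /* UNSAFE_SET16BIT(q, 1) here would be a bus error on IRIX; on x86 it
     * merely works, which is why the bug surfaced only in the IRIX build. */
    return 0;
}
```

The byte-wise macro is the usual fix for this class of bug: it costs nothing measurable on x86 and removes the dependency on where the question happens to start in the packet buffer. A stand-alone check such as aligned_for_short is useful in a debugger or unit test to confirm that a pointer handed to a casting macro really is on an even address before trusting the cast.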